A Small University and GLBA: Third-Party Risk Management
Tuesday, May 20, 2025 | 1:30PM–2:15PM ET | Harborside Ballroom C, 4th Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel
Saint Elizabeth University is a small institution with very limited staff that needed to comply last year with the Gramm-Leach-Bliley Act (GLBA) requirements for vulnerability scanning and third-party risk management, specifically sections 16 CFR § 314.4(d)(2), the establishment of continuous monitoring processes for information systems or periodic vulnerability assessments and penetration testing, and 16 CFR § 314.4(f)(3), the creation of procedures to periodically assess service providers. After an overview of the institution’s third-party hosted sites and vendors, the presenters will discuss how this was accomplished and give a short demonstration of the applicable parts of the FortifyData system, followed by a discussion with the audience on how other small institutions might have accomplished compliance.
Presenters
Ron Loneker
Director, IT Special Projects, Saint Elizabeth University
Eric Smith
Cybersecurity Guru Extraordinaire, FortifyData
Resources & Downloads
Presentation Slides for A Small University and GLBA Third Party Risk Management Presentation on